5 matches found
EUVD-2025-206597
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...
EUVD-2025-19919
Malicious code in bioql PyPI...
Threat Actor Claims to Sell 15.8 Million Plain-Text PayPal Credentials
A seller named ChuckyBF is offering 15.8M PayPal logins with emails, passwords, and URLs. The data may come…...
CVE-2025-6814
The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportnow function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal...
CVE-2025-6814 Booking X 1.0 - 1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via export_now() Function
The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportnow function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal...